Shelan Faith has an internet-enabled home "security" system from Vivint Home Security; it includes cameras that spy on the interior and exterior of her home, as well as sensors that report on things like when her doors and garage are open or closed.
Last week, a stranger mailed Faith a letter to inform her that they, the stranger, had full access to the AV and telemetry from her home; they were also Vivint Home Security customers and Vivint was leaking their data.
The stranger had spoken to Vivint, but the company had failed to address the problem. When Faith contacted the company about the letter, they initially refused to believe her. They told her she'd owe them thousands of dollars if she canceled her contract. The company now says the issue's been resolved and "we are updating our processes to make sure it can't happen again."
Vivint said the same thing in 2012, when another customer tried to cancel his service because his feeds were being exposed to other customers. Vivint also tried to charge that customer thousands to get out of his contract.
The spokesperson told CBC News the security system requires an email invitation to connect, but a technician used their own email account to connect the system for a customer who did not have an email account.
They said the two systems were accidentally connected when the technician went to the next installation.
The spokesperson said the technician felt "terrible" about the incident.
'I'm looking out your front door': Stranger had access to homeowner's security cameras [Alicia Bridges/CBC]
In his first U.S. TV interview, Ren Zhengfei describes Huawei as “a tomato” crushed between two superpowers.
MG has built a proof-of-concept malicious USB cable with a tiny wifi radio hidden inside of it, able to wirelessly exfilatrate stolen data; he calls it the O. MG, and while the prototype cost him $4k and took 300 hours, he's working with a team on a small production run for other security researchers to […]
Writing on Techcrunch, Zack Whittaker (previously) calls out the timeworn phrase "we take your privacy and security seriously," pointing out that this phrase appears routinely in company responses to horrific data-breaches, and it generally accompanied by conduct that directly contradicts it, such as stonewalling and minimizing responsibility for breaches and denying their seriousness. "We take […]
Use a single password for every website, and you’re compromising your security. Use a different one each time, and you’re bound to lose track of them. The solution? RoboForm Everywhere, a catch-all tool that will not only manage the passwords on every site you visit but generate better ones. As a simple password database, it’s […]
Just a reminder: Print isn’t dead. And now that printers are becoming as portable as cell phones, it might be around for quite some time. Enter the MEMOBIRD Mobile Thermal Printer, a mini-printer that is versatile, portable – and most importantly, never needs a refill on ink or toner. Measuring just a few inches around, […]
What do Facebook, Twitter, YouTube and Google all have in common? Somewhere in their framework, they all use MySQL, that most versatile (and free!) of database management systems. And they’re not alone. If your company or the one you’d like to work for wrangles data (and who doesn’t?), they’re going to need someone with a […]